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DETAILED ACTION 

1. Claims 1-28 have been examined. 

Priority 

2. Acknowledgment is made of Applicant's claims benefit of 60/393,606 filed on 03 
July 2002. 

Claim Objections 

3. Claims 6 and 1 9 are objected to because of the following informalities: 

a. In claims 6 and 1 9, in order to be consistent with the specification and 
avoid confusion, revise "key administrator" to "key generator administer and certifier"; 

Check the claims and correct any informality the Applicant is aware of. 
Appropriate corrections are required. 

Claim Rejections - 35 USC § 102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

5. Claims 1-5, 9-18 and 22-28 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Gould et al. (U.S. Patent 6,920,561). 
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As per claim 1, Gould et al. discloses a method comprising: 
receiving a request for access to a service (col. 1 , lines 29-31 and col. 5, lines 
60-64); 

collecting a biometric sample from a user associated with the request (col. 5, 
lines 14-17); 

comparing the biometric sample to a biometric template associated with the user 
(col. 5, lines 26-28 and step 412 of fig 4); and providing access to a private key in 
accordance with a result of the comparing step (step 416 of fig. 4 and col. 1, lines 53- 
54). 

As per claims 2, 4, 9, 12, Gould et al. discloses a method as applied in claim 1 . 
Gould et al. further discloses if the result indicates a match, generating a digital 
signature using the private key to the user (col. 1, lines 53-54), providing a biometric 
signature corresponding to the collected biometric sample to the service associated with 
the request (col. 1, lines 54-55 and col. 1, lines 63-67 - col. 2, lines 1-3), encrypting the 
collected biometric sample for transmission to an authentication server (col. 5, lines 19- 
21 and claim 1/b and claim 6); and including integrity information in the encrypted 
biometric sample (col. 5, lines 19-21 ); associating user identification information with 
the private key (col. 5, lines 32-36); and maintaining a digital certificate containing the 
user identification information and a public key corresponding to the private key (col. 5, 
lines 32-47). 
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As per claim 3, Gould et al. discloses a method as applied in claim 2. Gould et 
al. further discloses providing the digital signature to the service associated with the 
request (step 406 of fig. 4 and col. 5, lines 43-46). 

As per claim 5, Gould et al. discloses a method as applied in claim 4. Gould et 
al. further discloses allowing the service to determine whether to fulfill a transaction 
corresponding to the request in accordance with the result of the comparing step (step 
420, 422, 424 and 426 of fig. 4). 

As per claims 10 and 11, Gould et al. discloses a method as applied in claim 9. 
Gould et al. further discloses decrypting the encrypted biometric sample at the 
authentication server (col. 5, lines 22-26); and checking the integrity information 
included with the biometric sample (step 410 of fig. 4) and wherein the integrity 
information includes a unique transaction identifier (signature and message via step 410 
of fig. 4 - e.g. col. 5, lines 25-26). 

As per claim 13, Gould et al. discloses a method as applied in claim 1. Gould et 
al. further discloses wherein the biometric sample includes a fingerprint scan (col. 4, 
lines 41-44). 

As per claim 14, Gould et al. discloses an apparatus comprising: 
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means for receiving a request for access to a service (col. 1 , lines 29-31 and col. 
5, lines 60-64); 

means for collecting a biometric sample from a user associated with the request 
(col. 5, lines 14-17); 

means for comparing the biometric sample to a biometric template associated 
with the user (col. 5, lines 26-28 and step 412 of fig 4); and 
means for providing access to a private key in accordance with a result of the 
comparing step (col. 5, lines 35-37, step 416 of fig. 4 and col. 1, lines 53-54) 

As per claims 15, 17, 22 and 25, Gould et al. discloses an apparatus as applied 
in claim 14. Gould et al. further discloses if the result indicates a match, means 
for generating a digital signature using the private key to the user (col. 1 , lines 
53-54), means for providing a biometric signature corresponding to the collected 
biometric sample to the service associated with the request (col. 1, lines 54-55 
and col. 1 , lines 63-67 - col. 2, lines 1 -3), means for encrypting the collected 
biometric sample for transmission to an authentication server (col. 5, lines 19-22 
and claims 7 and 13); and means for including integrity information in the 
encrypted biometric sample (col. 5, lines 19-21) and means for associating user 
identification information with the private key (col. 5, lines 32-36); and means for 
maintaining a digital certificate containing the user identification information and a 
public key corresponding to the private key (col. 5, lines 32-47). 
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As per claim 16, Gould et al. discloses an apparatus as applied in claim 15: 
Gould et al. further discloses means for providing the digital signature to the 
service associated with the request (step 406 of fig.4 and col. 5, lines 43-46). 

As per claim 18, Gould et ai. discloses an apparatus as applied in claim 17. 
Gould et al. further discloses means for allowing the service to determine 
whether to fulfill a transaction corresponding to the request in accordance with a 
result of the comparing means (col. 5, lines 38-46). 

As per claims 23 and 24, Gould et al. discloses an apparatus as applied in claim 
22. Gould et al. further discloses means for decrypting the encrypted biometric 
sample at the authentication server (col. 5, lines 22-26); and means for checking 
the integrity information included with the biometric sample (step 410 of fig. 4) 
and wherein the integrity information includes a unique transaction identifier 
(signature and message via step 410 of fig. 4 - e.g. col. 5, lines 25-26). 

As per claim 26, Gould et al. discloses an apparatus as applied in claim 14. 
Gould et al. further discloses wherein the biometric sample includes a fingerprint 
scan (col. 4, lines 41-44). 
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As per claim 27, Gould et al. discloses an authentication infrastructure 
comprising: 

a server that intercepts requests for access to a service (col. 5, lines 60-64 and 
fig. 1 ); and 

a client that collects a biometric sample from a user associated with the request 
(col. 5, lines 14-17) wherein the server maintains a biometric template associated 
with the user for authenticating the collected biometric sample (Biometric input 
and user credentials are associated together to provide a template which is 
stored in a database on the server -e.g. col. 5, lines 2-4) 
and wherein the server provides access to a private key in accordance with a 
result of the authentication (step 410, 412, 414 and 416 of fig. 4), so that the user 
need not maintain a token for accessing the service ("No additional element such 
as a smart card is required" -e.g. col. 5, lines 57-59 and abstract). 

As per claim 28, Gould et al. discloses an authentication infrastructure as 
applied in claim 27. Gould et al. further discloses wherein the private key is used to 
sign a message (col. 5, lines 35-37) for allowing the user to perform a transaction with 
the service, the service obtaining a corresponding public key from the server (col. 5, 
lines 38-40). 
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Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1 , 148 
USPQ 459 (1966), that are applied for establishing a background for determining 
obviousness under 35 U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art, 

4. Considering objective evidence present in the application indicating 
obviousness or nonobviousness. 

8. This application currently names joint inventors. In considering patentability of 
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 
the various claims was commonly owned at the time any inventions covered therein 
were made absent any evidence to the contrary. Applicant is advised of the obligation 
under 37 CFR 1 .56 to point out the inventor and invention dates of each claim that was 
not commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 
prior art under 35 U.S.C. 103(a). 
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9. Claims 6-8 and 19-21 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Gould et al. (cited above) 

As per claims 6-8 and 19-21, Gould et al. show the method, apparatus and 
authentication infrastructure discussed above in claims 1-5, 9-18 and 22-28. Gould et 
al further teaches creating the biometric template for the user only if registration is 
verified (col. 5, lines 2-4) and generating the private key only if the biometric template is 
successfully created (col. 5, lines 19-21). Gould et al. does not specifically show 
generating pre-enrollment keys and final pre-enrollment key from different individuals. 
The Examiner takes Official Notice that one of ordinary skill in the art would know 
generating pre-enrollment keys and final enrollment key from different individuals in the 
process of enrollment of a user (A department store central server grants a customer 
random generated codes (these codes are pre-enrollment keys) showing on a receipt to 
the customer upon verifying/keying the customer's credential by a store's salesman 
during store credit card enrollment, which allows the customer to shop for a set of time 
period until the real store credit card arrives. A different operator at the card-issuing 
office verifies the information and grant/mail the customer an official store credit card. 
The code on the official card is the final enrollment key). Therefore, it would be obvious 
to one of ordinary skill in the art at the time of the invention to add this feature 
motivating by providing convenience and security to the customer. 

Double Patenting 

10. The nonstatutory double patenting rejection is based on a judicially created 
doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the 
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unjustified or improper timewise extension of the "right to exclude" granted by a patent 
and to prevent possible harassment by multiple assignees. A nonstatutory 
obviousness-type double patenting rejection is appropriate where the conflicting claims 
are not identical, but at least one examined application claim is not patentably distinct 
from the reference claim(s) because the examined application claim is either anticipated 
by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 
F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 
USPQ2d 2010 (Fed. Cir. 1993); In re Long/, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 
1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 
F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 
USPQ 644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) 
may be used to overcome an actual or provisional rejection based on a nonstatutory 
double patenting ground provided the conflicting application or patent either is shown to 
be commonly owned with this application, or claims an invention made as a result of 
activities undertaken within the scope of a joint research agreement. 

Effective January 1 , 1994, a registered attorney or agent of record may sign a 
terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 
37 CFR 3.73(b). 



11. Claims 1 , 13, 14, 26 and 27 are provisionally rejected on the ground of 
nonstatutory obviousness-type double patenting as being unpatentable over claims 1, 
17, 18, 20, 36, 39 and 44 of copending Application No. 09/801,468 (U.S. Patent 
Application Publication 2003/0208684). Although the conflicting claims are not identical, 
they are not patentably distinct from each other because claims 1 , 17, 18, 20, 36, 39 
and 44 in the copending application encompass the same subject matter as claims 1, 
13, 14, 26 and 27 in the application. This is a provisional obviousness-type double 
patenting rejection because the conflicting claims have not in fact been patented. 

Claim 1 recites a method comprising: receiving a request for access to a service 
(claim 1, "receiving a message ...to use on-line resources" of copending 
application publication); collecting a biometric sample from a user associated 
with the request (claim 1, "obtaining an indicia of physical identification... if 
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authentication is required" of copending application publication and claim 17, 
"wherein the indicia is a biometric" in the copending application publication); 
comparing the biometric sample to a biometric template associated with the user 
(claim 1, "comparing the obtained indicia... for the user" of copending application 
publication); and providing access to a private key in accordance with a result of 
the comparing step (claim 1, "enabling the request... matches the stored indicia" 
of copending application publication). 

Claim 13 recites wherein the biometric sample includes a fingerprint scan (claim 
18, "wherein the biometric is one or more a fingerprint... .and a handwriting 
sample" of copending application publication). 

Claim 14 recites an apparatus comprising: means for receiving a request for 
access to a service (claim 20, "means for receiving a message... to use on-line 
resources" of copending application); means for collecting a biometric sample 
from a user associated with the request (claim 20, "means for obtaining an indicia 
of physical identification... if authentication is required" of copending application 
and claim 36, "wherein the indicia is a biometric" of copending application); 
means for comparing the biometric sample to a biometric template associated 
with the user (claim 20, "means for comparing the obtained indicia... for the user" 
of copending application); and means for providing access to a. private key in 
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accordance with a result of the comparing step (claim 20, "means for enabling 
the request... matches the stored indicia" of copending application publication). 

Claim 26 recites wherein the biometric sample includes a fingerprint scan (claim 
37, "wherein the biometric is one or more of a fingerprint... .and a handwriting 
sample" of copending application). 

Claim 27 recites an authentication infrastructure comprising: a server that 
intercepts requests for access to a service (claim 39, "a server that is adapted to 
communicate... to use the network based service" of copending application); and 
a client that collects a biometric sample from a user associated with the request 
(claim 39, "a rule subsystem... if authentication is required" of copending 
application and claim 44, "wherein the indicia is a biometric" of copending 
application), wherein the server maintains a biometric template associated with 
the user for authenticating the collected biometric sample (claim 39, "an 
authentication subsystem... to a stored indicia for the user" of copending 
application), and wherein the server provides access to a private key in 
accordance with a result of the authentication, so that the user need not maintain 
a token for accessing the service. 

Conclusion 

12. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 
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> Gilchrist et al. (U.S. Patent No. 6,167,517) discloses providing a method for 
authenticating an identity of a user in order to secure access to a host system. 

> Bora (U.S. Patent No. 6,076,167) discloses a method of enhancing network 
security for a communication session initiated between a first computer and a 
second computer. 

> Matyas, Jr. et al. (U.S. Patent No. 6,507,912) discloses a key-dependent 
sampling of a biometric characteristic is performed at a client. 

> Musgrave et al. (U.S. Patent No. 6,202,151) discloses a technique for combining 
biometric identification with digital certificate for electronic authentication called 

, biometric certificate. 



Contact Information 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to April Y. Shan whose telephone number is (571) 270- 
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1014. The examiner can normally be reached on Monday - Friday, 8:00 a.m. - 5:00 
p.m., EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Y. Vu can be reached on (571) 272-3859. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 




1 1 October 2006 
AYS 



